Your “Notice” Is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking
Open source software brings benefit to the software community but also introduces legal risks caused by license violations, which result in serious consequences such as lawsuits and financial losses. To mitigate legal risks, some approaches have been proposed to identify licenses, detect license incompatibilities and inconsistencies, and recommend licenses. As far as we know, however, there is no prior work to understand modification terms in open source licenses or to detect and fix violations of modification terms.
To bridge this gap, we first empirically characterize modification terms in 48 open source licenses. These licenses all require certain forms of “notice” to describe the modifications made to the original work. Inspired by our study, we then design LiVo to automatically detect and fix violations of modification terms in open source licenses during forking. Our evaluation has shown the effectiveness and efficiency of LiVo. 18 pull requests for fixing modification term violations have received positive responses. 8 have been merged.
Fri 20 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
15:30 - 16:30 | Analysis of Code OriginTechnical Papers at EI 10 Fritz Paschke Chair(s): Darko Marinov University of Illinois at Urbana-Champaign | ||
15:30 20mTalk | Enhancing Robustness of Code Authorship Attribution through Expert Feature Knowledge Technical Papers Xiaowei Guo Huazhong University of Science and Technology, Cai Fu Huazhong University of Science and Technology, Juan Chen Huazhong University of Science and Technology, Hongle Liu Huazhong University of Science and Technology, Lansheng Han Huazhong University of Science and Technology, Wenjin Li NSFOCUS Technologies Group DOI | ||
15:50 20mTalk | Your “Notice” Is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking Technical Papers Kaifeng Huang Tongji University, Yingfeng Xia Fudan University, Bihuan Chen Fudan University, Siyang He Fudan University, Huazheng Zeng Fudan University, Zhuotong Zhou Fudan University, Jin Guo Fudan University, Xin Peng Fudan University DOI | ||
16:10 20mTalk | DeLink: Source File Information Recovery in Binaries Technical Papers Zhe Lang Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhengzi Xu Nanyang Technological University; Imperial Global Singapore, Xiaohui Chen China Mobile Research Institute, Shichao Lv Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhanwei Song Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Zhiqiang Shi Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences DOI | ||